Google has revealed that a recent update to its Chrome web browser includes a fix for a bug which could leave the browser vulnerable to hackers.
Google recently warned that a recent update to its Chrome web browser included a fix for a zero-day exploit that hackers were actively attempting to crack. ZDnet reports that the hack exploited a security flaw named CVE-2019-5786, a patch to this issue was included in a version of Chrome released on March 1st; the version number was 72.0.3626.121.
Google revealed the issue in an announcement where the security lead of the Chrome browser stated that the bug which has since been patched was actively under attack by hackers at the time that it was patched. Google stated that the security flaw was to do with a memory management error in the browsers FileReader API which allows web apps to read files that are present on a user’s computer.
Chaouki Bekrar, CEO of exploit vendor Zerodium, stated that the vulnerability allowed malicious code to get past Chrome’s security sandbox allowing hackers to run commands on the users operating system.
All Chrome users have been advised to use the browser’s built-in update tool to update Chrome to the latest update in order to avoid future issues with the bug.
To do this, Google suggests the following steps:
- On your computer, open Chrome.
- At the top right, click More.
- Click Update Google Chrome. If you don’t see this button, you’re on the latest version.
- Click Relaunch.
This should update Chrome to the latest version and remove any security vulnerabilities.